Agreed.
> ----------
> From: Mark Harford
> Reply To: [EMAIL PROTECTED]
> Sent: Friday, September 7, 2001 09:05
> To: [EMAIL PROTECTED]
> Subject: RE: VBS Blocking
>
> I'd agree that the little buggers deserve a slow and painful death. We
> certainly block actual scripts, but to block because of a text string that
> says "outlook application" and then claim that it is VBS is going too
> far.
>
> Mark
>
> -----Original Message-----
> From: Couch, Nate [mailto:[EMAIL PROTECTED]]
> Sent: 07 September 2001 14:01
> To: Exchange Discussions
> Subject: RE: VBS Blocking
>
>
> On one of our clients we block VBS at the Exchange servers, and
> MAILSWEEPER
> box. We simply kill it. I would rather kill the little buggers versus
> letting them get into our systems and kill me since I would have to clean
> up
> the mess.
>
> Nate Couch
> EDS Messaging
>
>
> > ----------
> > From: Neil Hobson
> > Reply To: [EMAIL PROTECTED]
> > Sent: Friday, September 7, 2001 07:51
> > To: [EMAIL PROTECTED]
> > Subject: RE: VBS Blocking
> >
> > I just setup a MailSweeper for a client yesterday and blocked VBS
> > files...but um...not to that level! And no, I didn't include the log
> > file in the inform message!
> >
> > Neil
> >
> > -----Original Message-----
> > From: Mark Harford [mailto:[EMAIL PROTECTED]]
> > Posted At: 07 September 2001 13:49
> > Posted To: Exchange Mailing List
> > Conversation: VBS Blocking
> > Subject: VBS Blocking
> >
> >
> >
> > This is ridiculous! I have just had my last message rejected as being
> > a Vbscript virus because it had the phrase "Outlook Application" in
> > the plain text message body. The entire log file was also included in
> > the message sent to me which surely is not a good idea.
> >
> > Anyone else set up Mailsweeper to be quite so severe?
> >
> > The relevant entry in the log is as follows:-
> >
> >
> > 13:38:09.62 (VAL:002) DetectVBS - PerformIf matched
> > containerclass=="Text". 13:38:09.62 (LEX:003) Found phrase Value 100,
> > Text "Outlook application " 13:38:09.62 (LEX:003) Total Value = 100,
> > Loading = 1, result = "HaveVBS" 13:38:09.62 (MSW:002) Validator
> > 'DetectVBS' returned "HaveVBS" 13:38:09.62 (MSW:001) Validating Node
> > '0'
> > - '' ''
> > 13:38:09.62 (MSW:002) Attribute 'AttachmentSize' = 4043
> > 13:38:09.62 (MSW:002) Attribute 'NodeId' = '0'
> > 13:38:09.64 (LEX:003) Total Value = 0, Loading = 1, result = ""
> > 13:38:09.64 (MSW:001) Following disposal route "VBSFile". 13:38:09.64
> > (MSW:002) Quarantine disposal 13:38:09.84 (MSW:001) Message quarantined
> > in "Blocked Messages" as entry "A0011217".
> >
> >
> > A bit OTT I think!
> >
> > mark
> >
> > -----Original Message-----
> > From: MAILsweeper [mailto:[EMAIL PROTECTED]]
> > Sent: 07 September 2001 13:38
> > To: '[EMAIL PROTECTED]'
> > Cc: Postmaster
> > Subject: A Copy of a VBS Virus may have been detected in this message.
> >
> >
> > A mail message has been found containing VBscript-ing language.
> > There is a potential that this could contain malicious code.
> > <<logfile.txt>> <<body.txt>>
> >
> >
> > This e-mail, and any attachment, is confidential. If you have received
> > it in error, please delete it from your system, do not use or disclose
> > the information in any way, and notify me immediately. The contents of
> > this message may contain personal views which are not the views of the
> > BBC, unless specifically stated.
> >
> >
> > _________________________________________________________________
> > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
> > Archives: http://www.swynk.com/sitesearch/search.asp
> > To unsubscribe: mailto:[EMAIL PROTECTED]
> > Exchange List admin: [EMAIL PROTECTED]
> > **********************************************************************
> > This eMail and any files transmitted with it are confidential and
> > intended solely for the use of the individual to whom it is addressed.
> > Any view or opinions presented are solely those of the author and do
> > not necessarily represent those of Silversands or any of its
> > subsidiary companies. If you have received this eMail in error please
> > contact the Support Desk Immediately by telephone on 01202-360000 or
> > on eMail at [EMAIL PROTECTED]
> > **********************************************************************
> >
> > _________________________________________________________________
> > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
> > Archives: http://www.swynk.com/sitesearch/search.asp
> > To unsubscribe: mailto:[EMAIL PROTECTED]
> > Exchange List admin: [EMAIL PROTECTED]
> >
> >
>
> _________________________________________________________________
> List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
> Archives: http://www.swynk.com/sitesearch/search.asp
> To unsubscribe: mailto:[EMAIL PROTECTED]
> Exchange List admin: [EMAIL PROTECTED]
>
>
> This e-mail, and any attachment, is confidential. If you have received
> it in error, please delete it from your system, do not use or disclose
> the information in any way, and notify me immediately. The contents of
> this message may contain personal views which are not the views of the
> BBC, unless specifically stated.
>
>
> _________________________________________________________________
> List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
> Archives: http://www.swynk.com/sitesearch/search.asp
> To unsubscribe: mailto:[EMAIL PROTECTED]
> Exchange List admin: [EMAIL PROTECTED]
>
>
_________________________________________________________________
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin: [EMAIL PROTECTED]
